summaryrefslogtreecommitdiff
path: root/lib/raid/raid6/git@git.tavy.me:linux-stable.git
diff options
context:
space:
mode:
authorChristopher Mackle <christophermackle01@gmail.com>2026-06-20 01:39:16 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2026-07-07 13:41:04 +0200
commit252f8c681adc8614b70f844ba3de3a138c33a783 (patch)
treec113e863fba184e8b5beb9211bb15e4d7e0b6142 /lib/raid/raid6/git@git.tavy.me:linux-stable.git
parent8cdeaa50eae8dad34885515f62559ee83e7e8dda (diff)
staging: rtl8723bs: don't drop short TX frames in _rtw_pktfile_read()
Commit bc4df274dca6 ("staging: rtl8723bs: update _rtw_pktfile_read() to return error codes") changed _rtw_pktfile_read() to fail when the caller asks for more bytes than remain in the packet: if (rtw_remainder_len(pfile) < rlen) return -EINVAL; That breaks the assumption made by the data TX path. In rtw_xmitframe_coalesce() (core/rtw_xmit.c) the per-fragment copy is issued with the full fragment length, mpdu_len, which is derived from pxmitpriv->frag_len (~2300 bytes), and the code relies on the historical behaviour of copying only what is left and returning the number of bytes actually copied: mem_sz = _rtw_pktfile_read(&pktfile, pframe, mpdu_len); if (mem_sz < 0) return mem_sz; So for every outbound packet smaller than the fragmentation threshold - i.e. essentially all normal traffic, including the EAPOL frames of the WPA 4-way handshake and DHCP - rlen is larger than the bytes remaining, _rtw_pktfile_read() returns -EINVAL, rtw_xmitframe_coalesce() aborts, and the frame is dropped before it is queued to the hardware. The driver floods the log with: rtl8723bs ...: xmit_xmitframes: coalesce failed with error -22 Management frames (authentication/association) use a different path and still go out, so the interface scans and associates, but no data frame is ever transmitted. The 4-way handshake therefore never completes and wpa_supplicant misreports it as: WPA: 4-Way Handshake failed - pre-shared key may be incorrect AP mode is unaffected. The net effect is that the chip is unusable in station mode on any kernel carrying the offending commit. This was confirmed with a wpa_supplicant -dd trace on an RTL8723BS SDIO adapter (Bay Trail): message 1/4 is received and the PTK is derived, but each "Sending EAPOL-Key 2/4" coincides 1:1 with a "coalesce failed with error -22", so message 2/4 never reaches the AP, which keeps retrying message 1/4 until the handshake times out. Restore the original semantics: clamp the requested length to the bytes remaining in the packet and return that length. The skb_copy_bits() error path is kept, so genuine copy failures are still propagated. Fixes: bc4df274dca6 ("staging: rtl8723bs: update _rtw_pktfile_read() to return error codes") Cc: stable <stable@kernel.org> Tested-by: Christopher Mackle <christophermackle01@gmail.com> Signed-off-by: Christopher Mackle <christophermackle01@gmail.com> Link: https://patch.msgid.link/20260620013916.7148-1-christophermackle01@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/raid/raid6/git@git.tavy.me:linux-stable.git')
0 files changed, 0 insertions, 0 deletions